Selecting A Security Solution; Proxy Versus Stream-Based Security Processing - Allied Telesis AR Series Technical Manual

Feature overview and configuration guide advanced network protection

Selecting a Security Solution

This section describes in more detail the following:
"Proxy Versus Stream-based Security Processing" on page 24
"Packet Flow Architecture" on page 25, including UTM CPU processing requirements
"Selecting a UTM Firewall" on page 28, provides information to guide you in selecting a suitable firewall for your network requirements. This includes performance versus security guidelines.
"URL Filtering or Web Control?" on page 30
"Anti-virus or Malware Protection?" on page 31
"Firewall/NAT Rules, Entities and Performance" on page 32

Proxy Versus Stream-based Security Processing

There are two types of scanning processes used by these advanced security features: proxy-based processes and stream-based processes.

Both types of processes focus on delivering secure and robust network protection via application-level inspection and scanning. However, each works in a different way with a distinctly different impact upon network latency and performance.

Proxy-based processes are those in which the security device acts as a proxy for the data's destination. The security device will receive and reconstruct a whole file, and examine it for threats, before passing it on to the eventual destination.
Proxy-based features on AR-Series firewalls are: Anti-virus and Web Control.

Stream-based processes are those in which packets are examined in real-time as they pass through the device. When a threat is detected, the data is then blocked.
The stream-based features on AR-Series firewalls are: IPS, Malware Protection, IP reputation, and URL Filtering.

Proxy-based processing

Proxy-based engines act as an intermediary; they terminate each session from a client, establish an associated session to the target server, and monitor the associated session state in a transparent manner. They perform threat scanning by extracting the stored object data that is being transported in a data stream, and matching that data against various known threat signatures contained in the threat signature database files.

Large amounts of memory and system CPU resources can be used performing object file extraction, packet re-ordering and re-assembly, scanning, and object file re-transfer. Also, proxying the TCP session reduces the overall data throughput.
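
The trade-off between the two scanning models described above, as an added example (a simplified model written for this page, not Allied Telesis code). It assumes in-order packets, plain byte-string signatures, and that a stream engine forwards each packet once it has been scanned; the signatures, payload and function names are constructed for illustration.

```python
# Simplified model, not Allied Telesis code. Signatures and payload are constructed.
SIGNATURES = [b"EVIL-MARKER", b"BAD!"]
MAX_SIG = max(len(s) for s in SIGNATURES)

# Constructed transfer: the marker straddles the boundary between packets 2 and 3.
PAYLOAD = b"A" * 2915 + b"EVIL-MARKER" + b"B" * 1000
SAMPLE_PACKETS = [PAYLOAD[i:i + 1460] for i in range(0, len(PAYLOAD), 1460)]


def _match(data):
    """Return the first signature found in data, or None."""
    return next((s for s in SIGNATURES if s in data), None)


def proxy_scan(packets):
    """Proxy model: rebuild the whole object, scan it, then forward all or nothing."""
    obj = b"".join(packets)  # nothing is forwarded until reassembly completes
    hit = _match(obj)
    return {"verdict": "block" if hit else "pass", "signature": hit,
            "peak_buffer": len(obj),  # buffer grows with object size
            "forwarded": 0 if hit else len(obj)}


def stream_scan(packets):
    """Stream model: scan in-order packets as they pass, keeping a short overlap."""
    tail, forwarded, peak = b"", 0, 0
    for pkt in packets:
        window = tail + pkt  # overlap catches signatures split across packets
        peak = max(peak, len(window))
        hit = _match(window)
        if hit:  # block from here on; earlier packets have already left
            return {"verdict": "block", "signature": hit,
                    "peak_buffer": peak, "forwarded": forwarded}
        forwarded += len(pkt)
        tail = window[-(MAX_SIG - 1):] if MAX_SIG > 1 else b""
    return {"verdict": "pass", "signature": None,
            "peak_buffer": peak, "forwarded": forwarded}


if __name__ == "__main__":
    for name, scan in (("proxy", proxy_scan), ("stream", stream_scan)):
        print(name, scan(SAMPLE_PACKETS))
```

Both models block the sample transfer, but the proxy model holds the entire object in memory and releases nothing, while the stream model holds roughly one packet and has already passed the first two packets by the time the signature completes.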
C613-22104-00 REV B

This manual is also suitable for:

AR3050S, AR4050S